meta-openembedded

mirrors/meta-openembedded

Fork 0

mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Gyorgy Sarvari	3f2293398f	nodejs: mark CVE-2026-21710 patched Details: https://nvd.nist.gov/vuln/detail/CVE-2026-21710 The CVE is fixed in the current recipe version[1], but NVD tracks it without verison info. Mark it as patched in the recipe. [1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit `b483760dba`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-05-08 07:22:44 +05:30
Gyorgy Sarvari	6c4868d3f7	nodejs: ignore fixed CVEs All these CVEs are fixed in v22.22.2[1], except for CVE-2026-21712, which does not affect v22 series, because it was introduced in a later version[2]. All these CVEs are tracked without version info by NVD at the time of creating this patch. [1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md [2]: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-04-24 21:13:20 +05:30
Jason Schonberg	2c70222d32	nodejs: upgrade 22.22.1 -> 22.22.2 This is the March 2026 security release. 2 high severity issues. 5 medium severity issues. 2 low severity issues. High priority fixes: CVE-2026-21637 CVE-2026-21710 Medium priority fixes: CVE-2026-21711 (affects only nodejs v25) CVE-2026-21712 (affects only nodejs v24 & v25) CVE-2026-21713 CVE-2026-21714 CVE-2026-21717 Low priority fixes: CVE-2026-21715 CVE-2026-21716 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases Changelog: https://github.com/nodejs/node/releases/tag/v22.22.2 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit `d32cd27eaa`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-04-24 21:13:20 +05:30

Gyorgy Sarvari

3f2293398f

nodejs: mark CVE-2026-21710 patched

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-21710

The CVE is fixed in the current recipe version[1], but NVD tracks it
without verison info.

Mark it as patched in the recipe.

[1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit b483760dba)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

2026-05-08 07:22:44 +05:30

Gyorgy Sarvari

6c4868d3f7

nodejs: ignore fixed CVEs

All these CVEs are fixed in v22.22.2[1], except for CVE-2026-21712,
which does not affect v22 series, because it was introduced in a
later version[2]. All these CVEs are tracked without version info
by NVD at the time of creating this patch.

[1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md
[2]: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

2026-04-24 21:13:20 +05:30

Jason Schonberg

2c70222d32

nodejs: upgrade 22.22.1 -> 22.22.2

This is the March 2026 security release.

  2 high severity issues.
  5 medium severity issues.
  2 low severity issues.

High priority fixes:
  CVE-2026-21637
  CVE-2026-21710

Medium priority fixes:
  CVE-2026-21711 (affects only nodejs v25)
  CVE-2026-21712 (affects only nodejs v24 & v25)
  CVE-2026-21713
  CVE-2026-21714
  CVE-2026-21717

Low priority fixes:
  CVE-2026-21715
  CVE-2026-21716

https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

Changelog: https://github.com/nodejs/node/releases/tag/v22.22.2

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit d32cd27eaa)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

2026-04-24 21:13:20 +05:30

3 Commits